[Bug 61448] Cluster StaticMember (McastService:Required property "tcpListenPort" is missing)

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61448

--- Comment #2 from Keiichi Fujino  ---
If you want to use static cluster membership, you do not need to use
McastService.
So you should set channelStartOptions = "3".



-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Regression with PKCS11 KeyStores?

2017-08-21 Thread Daniel Ruggeri

Hello, Tomcat devs;
I have detected what appears to be a regression in 8.5.20 with JSSE 
keystores since 8.5.16. With my limited understanding I'm unable to 
pinpoint the exact cause to a certainty after poking around a bit, so I 
thought I'd pass what info I have along and get some thoughts.


Below is the error message I am getting:
21-Aug-2017 15:01:57.989 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[Http11Nio2ProtocolCryptovault-25005]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[Http11Nio2ProtocolCryptovault-25005]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:630)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:999)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
    at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:163)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:982)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:244)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:620)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:997)
    ... 13 more
Caused by: java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded
    at sun.security.provider.KeyProtector.protect(KeyProtector.java:174)
    at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267)
    at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)
    at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:226)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
    ... 20 more

I did notice that because of the revision mentioned above (to 
JSSEUtil.java), KeyStore objects that aren't PEM encoded are loaded as 
an in-memory JKS keystore and a call to setKeyEntry is made. I may be 
wrong, but I think this is causing the failure. The hint I had to go 
from is that the documentation for the second form of setKeyEntry 
requires the key bytes to be PKCS8 encoded since this underlying 
keystore is JKS[1]... but we cannot guarantee that the getKey[2] call 
returned a Key that is PKCS8 encoded. With the implementation I am 
using, it's unclear what the encoding is for the Key object, but since 
PKCS11 is a common interface for hardware crypto, I'm sure many 
different types (or none at all) are possible. Looking into the source 
for engineSetKeyEntry(String alias, byte[] key, Certificate[] chain), I 
see that a call to protect() is made which does the check for PKCS8 
encoding. This appears to explain the exception.


Unfortunately... I'm not sure where to go from there (if that even is 
the issue). It wouldn't help to switch to setKeyEntry(String alias, 
byte[] key, Certificate[] chain) since that also has the same PKCS8 
encoding requirement. I also don't think it would be possible to obtain 
the raw key bytes since a hardware crypto device would certainly block 
such an operation and it would be out 
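
Added example (not part of the message above and not Tomcat code): a stand-alone reproduction of the failure mode described, copying a private key into an in-memory JKS keystore with setKeyEntry. The class names, the alias, the password and the isExportable() pre-check are hypothetical; OpaquePrivateKey is a constructed stand-in that assumes a token-resident key reports no format and no encoded bytes.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;

public class OpaqueKeyJksDemo {

    /** Constructed stand-in for a token-resident key: a handle with no exportable encoding. */
    static final class OpaquePrivateKey implements PrivateKey {
        private static final long serialVersionUID = 1L;
        @Override public String getAlgorithm() { return "RSA"; }
        @Override public String getFormat() { return null; }   // assumption: no encoding offered
        @Override public byte[] getEncoded() { return null; }  // key material never leaves the device
    }

    /** Constructed placeholder so setKeyEntry() gets a non-empty chain; it is never verified. */
    static final class PlaceholderCertificate extends Certificate {
        private static final long serialVersionUID = 1L;
        private final PublicKey publicKey;

        PlaceholderCertificate(PublicKey publicKey) {
            super("X.509");
            this.publicKey = publicKey;
        }

        @Override public byte[] getEncoded() { return new byte[0]; }
        @Override public void verify(PublicKey key) { }
        @Override public void verify(PublicKey key, String sigProvider) { }
        @Override public String toString() { return "PlaceholderCertificate"; }
        @Override public PublicKey getPublicKey() { return publicKey; }
    }

    /**
     * Hypothetical pre-check: a key can only be copied into a JKS keystore
     * if it exposes PKCS#8 bytes. Keys that fail this check have to be used
     * through the keystore that owns them instead of being copied.
     */
    static boolean isExportable(PrivateKey key) {
        return "PKCS#8".equalsIgnoreCase(key.getFormat()) && key.getEncoded() != null;
    }

    /** Attempts the copy the message describes and reports what the JKS provider did. */
    static String copyIntoJks(PrivateKey key, Certificate[] chain) throws Exception {
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null); // empty in-memory keystore
        try {
            jks.setKeyEntry("demo", key, "changeit".toCharArray(), chain);
            return "stored in in-memory JKS";
        } catch (KeyStoreException e) {
            return "rejected by JKS: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        Certificate[] chain = { new PlaceholderCertificate(pair.getPublic()) };

        PrivateKey software = pair.getPrivate();   // ordinary software key
        PrivateKey opaque = new OpaquePrivateKey(); // models a non-extractable key

        for (PrivateKey key : new PrivateKey[] { software, opaque }) {
            System.out.println(key.getClass().getSimpleName()
                    + " exportable=" + isExportable(key)
                    + " -> " + copyIntoJks(key, chain));
        }
    }
}
```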

Re: Config warning when using OpenSSL config items and useOpenSSL=true

2017-08-21 Thread Rainer Jung

On 21.08.2017 at 20:01, Mark Thomas wrote:
> On 19/08/17 22:44, Rainer Jung wrote:
>> Assume tcnative and OpenSSL is available.
>>
>> When using the AprLifecycleListener with useOpenssl="true" (default) and
>> useAprConnector="false" (also default) with a Java NIO or NIO2 connector
>> and *not* setting the sslImplementationName one gets warnings for each
>> config item which is OpenSSL only.
>>
>> Since with these (default) settings the connector uses OpenSSL the
>> warnings don't make sense.
>>
>> The reason is, that the config is checked very early, especially before
>> the AprLifecycleListener kicks in and sets the sslImplementationName to
>> OpenSSL.
>
> I can't reproduce this. Can you provide the configuration you are using?
>
>> I do not have a good idea how to fix this. It is not related to my
>> commits of today.
>>
>> Example message:
>>
>> WARNING [main] org.apache.tomcat.util.net.SSLHostConfig.setConfigType
>> The property [disableCompression] was set on the SSLHostConfig named
>> [_default_] and is for connectors of type [OPENSSL] but the
>> SSLHostConfig is being used with a connector of type [JSSE]
>
> That message might need more careful wording since it isn't the
> connector type, it is the configuration style.
>
> You can use either configuration style (JSSE or OpenSSL) with either
> implementation (JSSE or OpenSSL). However, you can't mix the two
> configuration styles within a single SSLHostConfig.

Sorry for not being more specific.

An example that works here:

- current trunk

- adjust server.xml as follows:

--- conf/server.xml   2017-08-21 22:05:12.706794000 +0200
+++ conf/server.xml 2017-08-21 22:10:27.472768000 +0200
@@ -85,14 +85,17 @@
  the SSLImplementation selected. JSSE style configuration is 
used below.

 -->
 
 protocol="org.apache.coyote.http11.Http11NioProtocol"

maxThreads="150" SSLEnabled="true">
-
-
++ 
certificateFile="/path/to/test-ca/certs/localhost-rsa-cert.pem"
+ 
certificateKeyFile="/path/to/test-ca/keys/localhost-rsa-key.pem"
+ 
certificateChainFile="/path/to/test-ca/certs/localhost-rsa-chain.pem"

  type="RSA" />
 
 
--->
 
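Review bot: The unchanged comment above the connector still reads "JSSE style configuration is used below", while the added certificateFile, certificateKeyFile and certificateChainFile attributes are the OpenSSL style. Update that comment together with the attributes so the example does not suggest that the two styles can be combined within one SSLHostConfig.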

Re: Config warning when using OpenSSL config items and useOpenSSL=true

2017-08-21 Thread Mark Thomas
On 19/08/17 22:44, Rainer Jung wrote:
> Assume tcnative and OpenSSL is available.
> 
> When using the AprLifecycleListener with useOpenssl="true" (default) and
> useAprConnector="false" (also default) with a Java NIO or NIO2 connector
> and *not* setting the sslImplementationName one gets warnings for each
> config item which is OpenSSL only.
> 
> Since with these (default) settings the connector uses OpenSSL the
> warnings don't make sense.
> 
> The reason is, that the config is checked very early, especially before
> the AprLifecycleListener kicks in and sets the sslImplementationName to
> OpenSSL.

I can't reproduce this. Can you provide the configuration you are using?

> I do not have a good idea how to fix this. It is not related to my
> commits of today.
> 
> Example message:
> 
> WARNING [main] org.apache.tomcat.util.net.SSLHostConfig.setConfigType
> The property [disableCompression] was set on the SSLHostConfig named
> [_default_] and is for connectors of type [OPENSSL] but the
> SSLHostConfig is being used with a connector of type [JSSE]

That message might need more careful wording since it isn't the
connector type, it is the configuration style.

You can use either configuration style (JSSE or OpenSSL) with either
implementation (JSSE or OpenSSL). However, you can't mix the two
configuration styles within a single SSLHostConfig.

Kind regards,

Mark




[Bug 48655] Active multipart downloads prevent tomcat shutdown.

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=48655

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #3 from Mark Thomas  ---
In the current code at least, this appears to have been an issue in Tomcat
rather than the native library.

Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards
- 7.0.x for 7.0.82 onwards




svn commit: r1805655 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 17:03:28 2017
New Revision: 1805655

URL: http://svn.apache.org/viewvc?rev=1805655&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=48655
Enable Tomcat to shutdown cleanly when using sendfile, the APR/native connector 
and a multi-part download is in progress.

Modified:
tomcat/tc7.0.x/trunk/   (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 17:03:28 2017

svn commit: r1805654 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 17:01:24 2017
New Revision: 1805654

URL: http://svn.apache.org/viewvc?rev=1805654&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=48655
Enable Tomcat to shutdown cleanly when using sendfile, the APR/native connector 
and a multi-part download is in progress.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 17:01:24 2017

svn commit: r1805653 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 17:00:48 2017
New Revision: 1805653

URL: http://svn.apache.org/viewvc?rev=1805653&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=48655
Enable Tomcat to shutdown cleanly when using sendfile, the APR/native connector 
and a multi-part download is in progress.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 17:00:48 2017

svn commit: r1805652 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 16:59:56 2017
New Revision: 1805652

URL: http://svn.apache.org/viewvc?rev=1805652&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=48655
Enable Tomcat to shutdown cleanly when using sendfile, the APR/native connector 
and a multi-part download is in progress.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1805652&r1=1805651&r2=1805652&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Mon Aug 21 
16:59:56 2017
@@ -2002,7 +2002,7 @@ public class AprEndpoint extends Abstrac
  0, data.fdpool);
 // Set the socket to nonblocking mode
 Socket.timeoutSet(data.socket, 0);
-while (true) {
+while (sendfileRunning) {
 long nw = Socket.sendfilen(data.socket, data.fd,
data.pos, data.length, 0);
 if (nw < 0) {
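Review bot: The new loop condition in "while (sendfileRunning)" reads a flag whose declaration is not visible in this hunk. It is written by the thread stopping the endpoint and read by the sendfile thread, so confirm it is declared volatile, otherwise the loop may never observe the change. Also check the code after the loop: leaving it because of shutdown, with data.pos short of the end of the file, should be handled as an aborted transfer rather than a completed one.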

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1805652&r1=1805651&r2=1805652&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 21 16:59:56 2017
@@ -112,6 +112,11 @@
 renegotiation. (markt)
   
   
+48655: Enable Tomcat to shutdown cleanly when using 
sendfile,
+the APR/native connector and a multi-part download is in progress.
+(markt)
+  
+  
 58244: Handle the case when OpenSSL resumes a TLS session
 using a ticket and the full client certificate chain is not available.
 In this case the client certificate without the chain will be presented






[Bug 61448] Cluster StaticMember (McastService:Required property "tcpListenPort" is missing)

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61448

--- Comment #1 from Carlos  ---
How to reproduce:

Set up a cluster with one static member. 
#server.xml:

 
  

  
  
  
  
  
  




[Bug 61448] New: Cluster StaticMember (McastService:Required property "tcpListenPort" is missing)

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61448

Bug ID: 61448
   Summary: Cluster StaticMember (McastService:Required property
"tcpListenPort" is missing)
   Product: Tomcat 7
   Version: 7.0.70
  Hardware: All
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Cluster
  Assignee: dev@tomcat.apache.org
  Reporter: carlosp...@gmail.com
  Target Milestone: ---

Hello,

Cluster static members seem to fail since version 7.0.70 (also
reproduced in 8.0.45, and it is the same code as in Tomcat 9):

SEVERE: The required Server component failed to start so Tomcat is unable to start.
...
Caused by: org.apache.catalina.tribes.ChannelException: java.lang.IllegalArgumentException: McastService:Required property "tcpListenPort" is missing.; No faulty members identified.
    at org.apache.catalina.tribes.group.ChannelCoordinator.internalStart(ChannelCoordinator.java:200)
    at org.apache.catalina.tribes.group.ChannelCoordinator.start(ChannelCoordinator.java:100)
    at org.apache.catalina.tribes.group.ChannelInterceptorBase.start(ChannelInterceptorBase.java:162)
    at org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor.start(StaticMembershipInterceptor.java:168)
    at org.apache.catalina.tribes.group.ChannelInterceptorBase.start(ChannelInterceptorBase.java:162)
    at org.apache.catalina.tribes.group.GroupChannel.start(GroupChannel.java:431)
    at org.apache.catalina.ha.tcp.SimpleTcpCluster.startInternal(SimpleTcpCluster.java:689)
    ... 15 more
Caused by: java.lang.IllegalArgumentException: McastService:Required property "tcpListenPort" is missing.
    at org.apache.catalina.tribes.membership.McastService.hasProperty(McastService.java:360)
    at org.apache.catalina.tribes.membership.McastService.start(McastService.java:379)
    at org.apache.catalina.tribes.group.ChannelCoordinator.internalStart(ChannelCoordinator.java:182)
    ... 21 more

The reason could be here:

$ diff -u
apache-tomcat-7.0.69-src/java/org/apache/catalina/tribes/group/ChannelCoordinator.java
apache-tomcat-7.0.70-src/java/org/apache/catalina/tribes/group/ChannelCoordinator.java.original
---
apache-tomcat-7.0.69-src/java/org/apache/catalina/tribes/group/ChannelCoordinator.java
 2016-04-11 10:02:35.0 +0200
+++
apache-tomcat-7.0.70-src/java/org/apache/catalina/tribes/group/ChannelCoordinator.java.original
2016-06-15 18:45:51.0 +0200
@@ -26,6 +26,8 @@
 import org.apache.catalina.tribes.MessageListener;
 import org.apache.catalina.tribes.UniqueId;
 import org.apache.catalina.tribes.membership.McastService;
+import org.apache.catalina.tribes.membership.StaticMember;
+import org.apache.catalina.tribes.transport.ReceiverBase;
 import org.apache.catalina.tribes.transport.ReplicationTransmitter;
 import org.apache.catalina.tribes.transport.SenderState;
 import org.apache.catalina.tribes.transport.nio.NioReceiver;
@@ -141,28 +143,49 @@
 //listens to with the local membership settings
 if ( Channel.SND_RX_SEQ==(svc & Channel.SND_RX_SEQ) ) {
 clusterReceiver.setMessageListener(this);
+if (clusterReceiver instanceof ReceiverBase) {
+((ReceiverBase)clusterReceiver).setChannel(getChannel());
+}
 clusterReceiver.start();
 //synchronize, big time FIXME
-   
membershipService.setLocalMemberProperties(getClusterReceiver().getHost(),
-  
getClusterReceiver().getPort(),
-  
getClusterReceiver().getSecurePort(),
-  
getClusterReceiver().getUdpPort());
+Member localMember = getChannel().getLocalMember(false);
+if (localMember instanceof StaticMember) {
+// static member
+StaticMember staticMember = (StaticMember)localMember;
+staticMember.setHost(getClusterReceiver().getHost());
+staticMember.setPort(getClusterReceiver().getPort());
+   
staticMember.setSecurePort(getClusterReceiver().getSecurePort());
+} else {
+// multicast member
+   
membershipService.setLocalMemberProperties(getClusterReceiver().getHost(),
+getClusterReceiver().getPort(),
+getClusterReceiver().getSecurePort(),
+getClusterReceiver().getUdpPort());
+
+}
 valid = true;
 }
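Review bot: In the "localMember instanceof StaticMember" branch, membershipService.setLocalMemberProperties(...) is no longer called, so a membership service that is still started has no local host and port properties, which matches the McastService "tcpListenPort" is missing failure in the trace above. Either set the local member properties in both branches or make sure the membership service is not started for static-only setups. The static branch also drops getClusterReceiver().getUdpPort(), which the multicast branch still passes on.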


It seems to me that it's always necessary to initialize
membershipService, maybe something like that (untested):

---

[Bug 48655] Active multipart downloads prevent tomcat shutdown.

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=48655

Mark Thomas  changed:

   What|Removed |Added

 Status|NEEDINFO|NEW

--- Comment #2 from Mark Thomas  ---
I can re-create this with Tomcat trunk, Tomcat Native trunk and the "Download
them all" add-on for Firefox.

Stopping Tomcat in the middle of a large download triggered a JVM crash. Not a
major problem since Tomcat was stopping anyway but it would be better to
shutdown cleanly.




[Bug 61437] 8.0.46: Websockets examples failure with AccessControlException "accessClassInPackage.org.apache.catalina.webresources"

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61437

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #3 from Mark Thomas  ---
Good catch.

Fixed in:
- 8.0.x for 8.0.47 onwards




svn commit: r1805649 - in /tomcat/tc8.0.x/trunk: java/org/apache/catalina/security/SecurityClassLoad.java webapps/docs/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 16:02:15 2017
New Revision: 1805649

URL: http://svn.apache.org/viewvc?rev=1805649&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61437
Fix a possible AccessControlException accessing the WebSocket examples when 
running under a SecurityManager.

Modified:

tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1805649&r1=1805648&r2=1805649&view=diff
==
--- 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java 
(original)
+++ 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java 
Mon Aug 21 16:02:15 2017
@@ -47,6 +47,7 @@ public final class SecurityClassLoad {
 loadSessionPackage(loader);
 loadUtilPackage(loader);
 loadValvesPackage(loader);
+loadWebResourcesPackage(loader);
 loadJavaxPackage(loader);
 loadConnectorPackage(loader);
 loadTomcatPackage(loader);
@@ -164,6 +165,13 @@ public final class SecurityClassLoad {
 }
 
 
+private static final void loadWebResourcesPackage(ClassLoader loader)
+throws Exception {
+final String basePackage = "org.apache.catalina.webresources.";
+loader.loadClass(basePackage + "WarResourceSet");
+}
+
+
 private static final void loadCoyotePackage(ClassLoader loader)
 throws Exception {
 final String basePackage = "org.apache.coyote.";
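Review bot: loadWebResourcesPackage() preloads only WarResourceSet, and nothing in the new method says why that one class is enough. A short comment pointing at bug 61437 and naming the code path that hits accessClassInPackage.org.apache.catalina.webresources under a SecurityManager would let a later reader judge whether other classes in org.apache.catalina.webresources need the same treatment. A missed class only shows up at runtime as an AccessControlException, so it is worth confirming that a run of the WebSocket examples under the SecurityManager covers this path.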

Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1805649&r1=1805648&r2=1805649&view=diff
==
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Mon Aug 21 16:02:15 2017
@@ -57,6 +57,11 @@
 running under a SecurityManager and using
 Subject.doAs(). (markt)
   
+  
+61437: Fix a possible AccessControlException
+accessing the WebSocket examples when running under a
+SecurityManager. (markt)
+  
 
   
   






[Bug 61447] Link is 404

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61447

--- Comment #2 from Mark Thomas  ---
Reported to the infra team:
https://issues.apache.org/jira/browse/INFRA-14921




[Bug 61447] Link is 404

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61447

Mark Thomas changed:

       What|Removed |Added
-----------------------------
         OS|        |All
 Resolution|---     |INVALID
     Status|NEW     |RESOLVED

--- Comment #1 from Mark Thomas  ---
Probably a broken mirror. That happens from time to time. Please choose a
different mirror. All the ones I tested worked.




[Bug 61424] Obtaining a StackOverflowError when running Tomcat 8.5 or 9 with SecurityManager, a javax.management.remote.JMXPrincipal entry is present in catalina.policy file and Subject.doAs method is

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61424

Mark Thomas changed:

       What|Removed |Added
-----------------------------
 Resolution|---     |FIXED
     Status|NEW     |RESOLVED
         OS|        |All

--- Comment #1 from Mark Thomas  ---
Thanks for the report.

There was a targeted fix that handled a similar case that I have converted to a
more general fix. I also back-ported the fix to 8.0.x since the more general
fix may also be useful there.

Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards




svn commit: r1805647 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 15:27:48 2017
New Revision: 1805647

URL: http://svn.apache.org/viewvc?rev=1805647&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61424
The trick to avoid the relatively slow ClassNotFoundException has another 
(possible) edge case that can trigger a StackOverflowError.
Switch to a general fix that handles the known edge cases and should handle as 
yet unknown edge cases.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 15:27:48 2017

svn commit: r1805646 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 15:25:31 2017
New Revision: 1805646

URL: http://svn.apache.org/viewvc?rev=1805646&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61424
The trick to avoid the relatively slow ClassNotFoundException has another edge 
case that can trigger a StackOverflowError.
Switch to a general fix that handles the known edge cases and should handle as 
yet unknown edge cases.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)

tomcat/tc8.5.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 15:25:31 2017

svn commit: r1805645 - in /tomcat/trunk: java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 15:24:42 2017
New Revision: 1805645

URL: http://svn.apache.org/viewvc?rev=1805645&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61424
The trick to avoid the relatively slow ClassNotFoundException has another edge 
case that can trigger a StackOverflowError.
Switch to a general fix that handles the known edge cases and should handle as 
yet unknown edge cases.

Modified:
tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java?rev=1805645&r1=1805644&r2=1805645&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java Mon 
Aug 21 15:24:42 2017
@@ -1175,8 +1175,14 @@ public abstract class WebappClassLoaderB
 // https://bz.apache.org/bugzilla/show_bug.cgi?id=58125 for
 // details) when running under a security manager in rare cases
 // this call may trigger a ClassCircularityError.
+// See https://bz.apache.org/bugzilla/show_bug.cgi?id=61424 for
+// details of how this may trigger a StackOverflowError
+// Given these reported errors, catch Throwable to ensure any
+// other edge cases are also caught
 tryLoadingFromJavaseLoader = 
(javaseLoader.getResource(resourceName) != null);
-} catch (ClassCircularityError cce) {
+} catch (Throwable t) {
+// Swallow all exceptions apart from those that must be 
re-thrown
+ExceptionUtils.handleThrowable(t);
 // The getResource() trick won't work for this class. We have 
to
 // try loading it directly and accept that we might get a
 // ClassNotFoundException.
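Review bot: the widened catch (Throwable t) swallows everything that ExceptionUtils.handleThrowable(t) does not re-throw, with no logging, so under a SecurityManager a SecurityException from javaseLoader.getResource(resourceName) would be hidden in the same way as the ClassCircularityError and StackOverflowError cases. Two things to check: that handleThrowable() does not re-throw StackOverflowError (otherwise the bug 61424 case still propagates), and whether a debug-level log of t is acceptable here so that the "as yet unknown edge cases" can be diagnosed when they occur. The fallback described in the existing comment (try loading directly and accept a possible ClassNotFoundException) is unchanged.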

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1805645&r1=1805644&r2=1805645&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 21 15:24:42 2017
@@ -64,6 +64,11 @@
 warning about not being able to read a logging configuration file when
 that file does not exist. (markt)
   
+  
+61424: Avoid a possible StackOverflowError when
+running under a SecurityManager and using
+Subject.doAs(). (markt)
+  
 
   
   






[Bug 61447] New: Link is 404

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61447

Bug ID: 61447
   Summary: Link is 404
   Product: Tomcat 9
   Version: 9.0.0.M26
  Hardware: PC
   URL: https://tomcat.apache.org/download-90.cgi
Status: NEW
  Severity: normal
  Priority: P2
 Component: Documentation
  Assignee: dev@tomcat.apache.org
  Reporter: apachetomcat.to.dav...@spamgourmet.com
  Target Milestone: -

"The requested URL
/pub/apache/tomcat/tomcat-9/v9.0.0.M26/bin/apache-tomcat-9.0.0.M26.exe was not
found on this server." is returned when trying to download "32-bit/64-bit
Windows Service Installer".




[Bug 58244] two way SSL loses client certificate after a few requests

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58244

Mark Thomas changed:

       What|Removed |Added
-----------------------------
 Resolution|---     |FIXED
     Status|NEW     |RESOLVED

--- Comment #17 from Mark Thomas  ---
It looks like the OpenSSL behaviour isn't going to change so I've gone ahead
and handled this in the Tomcat code.

Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards
- 7.0.x for 7.0.82 onwards




svn commit: r1805640 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/coyote/http11/Http11AprProcessor.java webapps/docs/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 14:15:37 2017
New Revision: 1805640

URL: http://svn.apache.org/viewvc?rev=1805640&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58244
Handle the case when OpenSSL resumes a TLS session using a ticket and the full 
client certificate chain is not available. In this case the client certificate 
without the chain will be presented to the application.

Modified:
tomcat/tc7.0.x/trunk/   (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 14:15:37 2017

svn commit: r1805639 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/coyote/http11/Http11AprProcessor.java webapps/docs/changelog.xml webapps/docs/config/http.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 14:11:14 2017
New Revision: 1805639

URL: http://svn.apache.org/viewvc?rev=1805639&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58244
Handle the case when OpenSSL resumes a TLS session using a ticket and the full 
client certificate chain is not available. In this case the client certificate 
without the chain will be presented to the application.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 14:11:14 2017

svn commit: r1805638 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/AprSSLSupport.java webapps/docs/changelog.xml webapps/docs/config/http.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 14:03:53 2017
New Revision: 1805638

URL: http://svn.apache.org/viewvc?rev=1805638&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58244
Handle the case when OpenSSL resumes a TLS session using a ticket and the full 
client certificate chain is not available. In this case the client certificate 
without the chain will be presented to the application.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.5.x/trunk/webapps/docs/config/http.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 14:03:53 2017

svn commit: r1805637 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprSSLSupport.java webapps/docs/changelog.xml webapps/docs/config/http.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 14:00:32 2017
New Revision: 1805637

URL: http://svn.apache.org/viewvc?rev=1805637&view=rev
Log:
Handle the case when OpenSSL resumes a TLS session using a ticket and the full 
client certificate chain is not available. In this case the client certificate 
without the chain will be presented to the application.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/http.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java?rev=1805637&r1=1805636&r2=1805637&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java Mon Aug 21 
14:00:32 2017
@@ -54,11 +54,17 @@ public class AprSSLSupport implements SS
 @Override
 public X509Certificate[] getPeerCertificateChain() throws IOException {
 try {
-// certLength == -1 indicates an error
+// certLength == -1 indicates an error unless TLS session tickets
+// are in use in which case OpenSSL won't store the chain in the
+// ticket.
 int certLength = 
socketWrapper.getSSLInfoI(SSL.SSL_INFO_CLIENT_CERT_CHAIN);
 byte[] clientCert = 
socketWrapper.getSSLInfoB(SSL.SSL_INFO_CLIENT_CERT);
 X509Certificate[] certs = null;
-if (clientCert != null  && certLength > -1) {
+
+if (clientCert != null) {
+if (certLength < 0) {
+certLength = 0;
+}
 certs = new X509Certificate[certLength + 1];
 CertificateFactory cf;
 if (clientCertProvider == null) {
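Review bot: with the `certLength > -1` guard removed, a genuine failure to read SSL_INFO_CLIENT_CERT_CHAIN is now handled exactly like a ticket resumption: `certLength` is clamped to 0 and the caller receives a one-element array with no sign that the chain was dropped. Consider a debug-level log line inside `if (certLength < 0)`, and state in the Javadoc of getPeerCertificateChain() that the array may hold only the leaf certificate, so applications that inspect issuers or chain depth do not assume `certs.length > 1`.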

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1805637=1805636=1805637=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 21 14:00:32 2017
@@ -106,6 +106,12 @@
 Ensure that the APR/native connector uses blocking I/O for TLS
 renegotiation. (markt)
   
+  
+58244: Handle the case when OpenSSL resumes a TLS session
+using a ticket and the full client certificate chain is not available.
+In this case the client certificate without the chain will be presented
+to the application. (markt)
+  
 
   
   

Modified: tomcat/trunk/webapps/docs/config/http.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1805637=1805636=1805637=diff
==
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Mon Aug 21 14:00:32 2017
@@ -1192,8 +1192,12 @@
 
 
   OpenSSL only.
-  Disables use of TLS Session Tickets (RFC 4507) if set to
-  true. Default is false.
+  Disables use of TLS session tickets (RFC 5077) if set to
+  true. Default is false. Note that when TLS
+  session tickets are in use, the full peer certificate chain will only be
+  available on the first connection. Subsequent connections (that use a
+  ticket to estrablish the TLS session) will only have the peer 
certificate,
+  not the full chain.
 
 
 
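Review bot: typo in the added text, "estrablish" should be "establish". Since this paragraph is where an operator learns that a resumed session exposes only the peer certificate, it would also help to say explicitly that deployments whose applications depend on the full chain should set this attribute to true.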






[Bug 58263] Crash during TLS handshake

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58263

Mark Thomas  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #2 from Mark Thomas  ---
It is unlikely that the 1.1.x branch will see any further development. Please
switch to the 1.2.x branch. If you still see this problem with the latest 1.2.x
release, please open a new issue against 1.2.x and we will investigate.




[Bug 59811] TLS Session ID not available if session tickets are used

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59811

Mark Thomas  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Mark Thomas  ---
Digging into RFC 5077, it is very likely that there will be no session ID
when session tickets are being used.

Therefore, we need to handle this in the Tomcat code.

This was fixed a few weeks ago in r1799701 and r1799703




[Bug 61422] Feature requests for tc-native based on forked netty-tcnative

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61422

Mark Thomas  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #1 from Mark Thomas  ---
Please create separate Bugzilla entries for each of these feature requests
(where one does not exist already - e.g. bug 58434) and we'll take a look.

Resolving as WONTFIX only because no further action will be taken on this
issue. The individual enhancement requests will be looked at on a case by case
basis.




[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

Mark Thomas  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #11 from Mark Thomas  ---
It has been a while so I've applied my patch for this.

Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards




svn commit: r1805616 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/loader/ java/org/apache/catalina/security/ java/org/apache/juli/ webapps/docs/

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 09:52:01 2017
New Revision: 1805616

URL: http://svn.apache.org/viewvc?rev=1805616=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61210
When running under a SecurityManager, do not print a warning about not being 
able to read a logging configuration file when that file does not exist.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java

tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/tc8.0.x/trunk/java/org/apache/juli/ClassLoaderLogManager.java
tomcat/tc8.0.x/trunk/java/org/apache/juli/WebappProperties.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 09:52:01 2017
@@ -1,2 +1,2 @@
 
 

svn commit: r1805614 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/loader/ java/org/apache/catalina/security/ java/org/apache/juli/ webapps/docs/

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 09:49:47 2017
New Revision: 1805614

URL: http://svn.apache.org/viewvc?rev=1805614=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61210
When running under a SecurityManager, do not print a warning about not being 
able to read a logging configuration file when that file does not exist.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)

tomcat/tc8.5.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/tc8.5.x/trunk/java/org/apache/juli/ClassLoaderLogManager.java
tomcat/tc8.5.x/trunk/java/org/apache/juli/WebappProperties.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 09:49:47 2017
@@ -1 +1 @@
 

svn commit: r1805613 - in /tomcat/trunk: java/org/apache/catalina/loader/ java/org/apache/catalina/security/ java/org/apache/juli/ webapps/docs/

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 09:48:09 2017
New Revision: 1805613

URL: http://svn.apache.org/viewvc?rev=1805613=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61210
When running under a SecurityManager, do not print a warning about not being 
able to read a logging configuration file when that file does not exist.

Modified:
tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/trunk/java/org/apache/juli/ClassLoaderLogManager.java
tomcat/trunk/java/org/apache/juli/WebappProperties.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java?rev=1805613=1805612=1805613=diff
==
--- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java Mon 
Aug 21 09:48:09 2017
@@ -2485,4 +2485,24 @@ public abstract class WebappClassLoaderB
 }
 return null;
 }
+
+
+@Override
+public boolean hasLoggingConfig() {
+if (Globals.IS_SECURITY_ENABLED) {
+Boolean result = AccessController.doPrivileged(new 
PrivilegedHasLoggingConfig());
+return result.booleanValue();
+} else {
+return findResource("logging.properties") != null;
+}
+}
+
+
+private class PrivilegedHasLoggingConfig implements 
PrivilegedAction {
+
+@Override
+public Boolean run() {
+return Boolean.valueOf(findResource("logging.properties") != null);
+}
+}
 }
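Review bot: the resource name "logging.properties" is now hard-coded in the else branch of hasLoggingConfig() and again in PrivilegedHasLoggingConfig.run(), so the privileged and unprivileged checks can drift apart; a single private constant shared by both would prevent that. The privileged action is otherwise well scoped, since it hands back only a Boolean and not the resource URL, and a short comment saying so would help keep it that way.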

Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1805613=1805612=1805613=diff
==
--- tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Mon 
Aug 21 09:48:09 2017
@@ -74,6 +74,7 @@ public final class SecurityClassLoad {
 private static final void loadLoaderPackage(ClassLoader loader) throws 
Exception {
 final String basePackage = "org.apache.catalina.loader.";
 loader.loadClass(basePackage + 
"WebappClassLoaderBase$PrivilegedFindClassByName");
+loader.loadClass(basePackage + 
"WebappClassLoaderBase$PrivilegedHasLoggingConfig");
 }
 
 
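Review bot: the preload added to loadLoaderPackage() names the inner class by string, "WebappClassLoaderBase$PrivilegedHasLoggingConfig", so a later rename of PrivilegedHasLoggingConfig compiles cleanly and fails only at run time in loader.loadClass(). A comment on the class declaration pointing back at SecurityClassLoad, or a test that exercises this method, would catch that.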

Modified: tomcat/trunk/java/org/apache/juli/ClassLoaderLogManager.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/juli/ClassLoaderLogManager.java?rev=1805613=1805612=1805613=diff
==
--- tomcat/trunk/java/org/apache/juli/ClassLoaderLogManager.java (original)
+++ tomcat/trunk/java/org/apache/juli/ClassLoaderLogManager.java Mon Aug 21 
09:48:09 2017
@@ -426,7 +426,11 @@ public class ClassLoaderLogManager exten
 // Special case for URL classloaders which are used in containers:
 // only look in the local repositories to avoid redefining loggers 20 
times
 try {
-if (classLoader instanceof URLClassLoader) {
+if (classLoader instanceof WebappProperties) {
+if (((WebappProperties) classLoader).hasLoggingConfig()) {
+is = classLoader.getResourceAsStream("logging.properties");
+}
+} else if (classLoader instanceof URLClassLoader) {
 URL logConfig = 
((URLClassLoader)classLoader).findResource("logging.properties");
 
 if(null != logConfig) {
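Review bot: the new WebappProperties branch opens the file with classLoader.getResourceAsStream("logging.properties"), while the comment above the try block and the URLClassLoader branch restrict the lookup to the local repositories through findResource(). hasLoggingConfig() confirms that a local file exists, but getResourceAsStream() can follow the loader's normal delegation order, so the stream that is opened is not guaranteed to be the file that was checked. Please confirm this is intended, or open the stream from the same local lookup.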

Modified: tomcat/trunk/java/org/apache/juli/WebappProperties.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/juli/WebappProperties.java?rev=1805613=1805612=1805613=diff
==
--- tomcat/trunk/java/org/apache/juli/WebappProperties.java (original)
+++ tomcat/trunk/java/org/apache/juli/WebappProperties.java Mon Aug 21 09:48:09 
2017
@@ -51,4 +51,15 @@ public interface WebappProperties {
  * null if none is available.
  */
 String getServiceName();
+
+/**
+ * Enables JULI to determine if the web application includes a local
+ * configuration without JULI having to look for the file which it may not
+ * have permission to do when running under a SecurityManager.
+ *
+ * @return {@code true} if the web application includes a logging
+ * configuration at the standard location of
+ * /WEB-INF/classes/logging.properties.
+ */
+boolean hasLoggingConfig();
 }
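Review bot: hasLoggingConfig() is added to the public WebappProperties interface with no default, so any implementation outside this change stops compiling, and one that is already compiled will throw AbstractMethodError when ClassLoaderLogManager calls `((WebappProperties) classLoader).hasLoggingConfig()`. The same change is going to the 8.5.x and 8.0.x branches, so the changelog entry should call out the new method for anyone implementing the interface.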

Modified: tomcat/trunk/webapps/docs/changelog.xml

svn commit: r1805612 - in /tomcat/trunk: java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java test/org/apache/tomcat/util/net/TesterSupport.java

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 09:44:16 2017
New Revision: 1805612

URL: http://svn.apache.org/viewvc?rev=1805612=rev
Log:
Fix IDE nags

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java
tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java?rev=1805612=1805611=1805612=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java Mon 
Aug 21 09:44:16 2017
@@ -29,7 +29,7 @@ public class OpenSSLConf {
 private static final Log log = LogFactory.getLog(OpenSSLConf.class);
 private static final StringManager sm = 
StringManager.getManager(OpenSSLConf.class);
 
-private final List commands = new 
ArrayList();
+private final List commands = new ArrayList<>();
 
 public void addCmd(OpenSSLConfCmd cmd) {
 commands.add(cmd);
@@ -65,10 +65,12 @@ public class OpenSSLConf {
 return false;
 }
 if (rc <= 0) {
-log.error(sm.getString("opensslconf.failedCommand", name, 
value, rc));
+log.error(sm.getString("opensslconf.failedCommand", name, 
value,
+Integer.toString(rc)));
 result = false;
 } else if (log.isDebugEnabled()) {
-log.debug(sm.getString("opensslconf.resultCommand", name, 
value, rc));
+log.debug(sm.getString("opensslconf.resultCommand", name, 
value,
+Integer.toString(rc)));
 }
 }
 if (!result) {
@@ -110,10 +112,12 @@ public class OpenSSLConf {
 return false;
 }
 if (rc <= 0) {
-log.error(sm.getString("opensslconf.failedCommand", name, 
value, rc));
+log.error(sm.getString("opensslconf.failedCommand", name, 
value,
+Integer.toString(rc)));
 result = false;
 } else if (log.isDebugEnabled()) {
-log.debug(sm.getString("opensslconf.resultCommand", name, 
value, rc));
+log.debug(sm.getString("opensslconf.resultCommand", name, 
value,
+Integer.toString(rc)));
 }
 }
 try {
@@ -124,7 +128,7 @@ public class OpenSSLConf {
 return false;
 }
 if (rc <= 0) {
-log.error(sm.getString("opensslconf.finishFailed", rc));
+log.error(sm.getString("opensslconf.finishFailed", 
Integer.toString(rc)));
 result = false;
 }
 if (!result) {

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1805612=1805611=1805612=diff
==
--- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Mon Aug 21 
09:44:16 2017
@@ -253,8 +253,8 @@ public final class TesterSupport {
 return clientAuthExpectedIssuer;
 }
 
-protected static void trackTrackingKeyManagers(KeyManager wrapper, 
KeyManager wrapped,
-   String usage, Principal[] 
issuers) {
+protected static void trackTrackingKeyManagers(@SuppressWarnings("unused") 
KeyManager wrapper,
+@SuppressWarnings("unused") KeyManager wrapped, String usage, 
Principal[] issuers) {
 lastUsage = usage;
 lastRequestedIssuers = issuers;
 }
@@ -268,7 +268,7 @@ public final class TesterSupport {
 }
 
 protected static Principal getLastClientAuthRequestedIssuer(int index) {
-return lastRequestedIssuers[0];
+return lastRequestedIssuers[index];
 }
 
 protected static boolean checkLastClientAuthRequestedIssuers() {
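Review bot: replacing `lastRequestedIssuers[0]` with `lastRequestedIssuers[index]` changes what getLastClientAuthRequestedIssuer() returns, which is a behaviour fix and not an IDE nag, so it deserves its own line in the log message. The method still indexes the array without checking that lastRequestedIssuers is non-null and longer than index; a test that asks for an issuer that was never recorded will fail with an exception from this helper instead of a clear assertion message.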






[Bug 61415] SSL protocol error with Chrome, client certificates and OpenSSL/NIO in Tomcat 8.5

2017-08-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61415

Mark Thomas  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Mark Thomas  ---
I can reproduce this with the latest tomcat-native and 9.0.x

I also see a JVM crash when shutting down Tomcat after this error.

My guess at this point is that Tomcat isn't handling an I/O error during the
initial handshake correctly.

While the error is easily repeatable, tracking it down is going to be a little
tricky because the timing is uncertain. I'm currently investigating tools to
make finding this (and similar bugs) a little easier.




svn commit: r1805607 - in /tomcat/site/trunk/docs/native-doc: index.html news/2008.html news/2009.html news/2010.html news/2011.html news/2012.html news/2013.html news/2014.html news/2015.html news/20

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 08:32:53 2017
New Revision: 1805607

URL: http://svn.apache.org/viewvc?rev=1805607=rev
Log:
Belatedly update site for 1.2.12 release

Added:
tomcat/site/trunk/docs/native-doc/news/2017.html   (with props)
Modified:
tomcat/site/trunk/docs/native-doc/index.html
tomcat/site/trunk/docs/native-doc/news/2008.html
tomcat/site/trunk/docs/native-doc/news/2009.html
tomcat/site/trunk/docs/native-doc/news/2010.html
tomcat/site/trunk/docs/native-doc/news/2011.html
tomcat/site/trunk/docs/native-doc/news/2012.html
tomcat/site/trunk/docs/native-doc/news/2013.html
tomcat/site/trunk/docs/native-doc/news/2014.html
tomcat/site/trunk/docs/native-doc/news/2015.html
tomcat/site/trunk/docs/native-doc/news/2016.html

Modified: tomcat/site/trunk/docs/native-doc/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/index.html?rev=1805607=1805606=1805607=diff
==
--- tomcat/site/trunk/docs/native-doc/index.html (original)
+++ tomcat/site/trunk/docs/native-doc/index.html Mon Aug 21 08:32:53 2017
@@ -1,5 +1,5 @@
 
-Apache Tomcat Native Library - Documentation 
Indexhttp://tomcat.apache.org/;>http://www.apache.org/; target="_blank">Apache Tomcat Native 
LibraryLinksDocs 
HomeMiscellaneous 
DocumentationChangelogNews201620152014201320122011201020092008Documentation IndexIntroduction
+Apache Tomcat Native Library - Documentation 
Indexhttp://tomcat.apache.org/;>http://www.apache.org/; target="_blank">Apache Tomcat Native 
LibraryLinksDocs 
HomeMiscellaneous 
DocumentationChangelogNews2017201620152014201320122011201020092008Documentation IndexIntroduction
 
   
 The Apache Tomcat Native Library is an optional component for use with
@@ -32,16 +32,16 @@ manual is described in more detail below
 Headlines
 
 
-5 October 2016 - TC-Native-1.2.10
+26 June 2017 - TC-Native-1.2.12
 released
 The Apache Tomcat team is proud to announce the immediate availability of
-Tomcat Native 1.2.10 Stable.
+Tomcat Native 1.2.12 Stable.
 
 The sources and the binaries for selected platforms are available from the
 Download page.
 
 
-Please see the ChangeLog for a full
+Please see the Changelog for a full
 list of changes.
 
 
@@ -156,10 +156,12 @@ Feb 8, 2015 12:27:41 PM org.apache.catal
 INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], 
random [true].
 Feb 8, 2015 12:27:41 PM org.apache.coyote.http11.Http11AprProtocol init
 INFO: Initializing Coyote HTTP/1.1 on http-8080
+
   
 Refer to the tomcat documentation to configure the connectors
-(See http://tomcat.apache.org/tomcat-8.0-doc/apr.html;>Tomcat 
8.0.x,
-http://tomcat.apache.org/tomcat-7.0-doc/apr.html;>Tomcat 7.0.x
+(See http://tomcat.apache.org/tomcat-8.5-doc/apr.html;>Tomcat 
8.5.x,
+http://tomcat.apache.org/tomcat-8.0-doc/apr.html;>Tomcat 
8.0.x,
+http://tomcat.apache.org/tomcat-7.0-doc/apr.html;>Tomcat 
7.0.x,
 and http://tomcat.apache.org/tomcat-6.0-doc/apr.html;>Tomcat 
6.0.x)
   
 

Modified: tomcat/site/trunk/docs/native-doc/news/2008.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/news/2008.html?rev=1805607=1805606=1805607=diff
==
--- tomcat/site/trunk/docs/native-doc/news/2008.html (original)
+++ tomcat/site/trunk/docs/native-doc/news/2008.html Mon Aug 21 08:32:53 2017
@@ -1,5 +1,5 @@
 
-The Apache Tomcat Native - News - 2008 News and 
Statushttp://tomcat.apache.org/;>http://www.apache.org/; target="_blank">The Apache Tomcat Native - 
NewsLinksDocs Home
 Miscellaneous 
DocumentationChangelogNews2016201520142013201220112010200920082008 News and Status2008 News  Status
+The Apache Tomcat Native - News - 2008 News and 
Statushttp://tomcat.apache.org/;>http://www.apache.org/; target="_blank">The Apache Tomcat Native - 
NewsLinksDocs Home
 Miscellaneous 
DocumentationChangelogNews20172016201520142013201220112010200920082008 News and Status2008 News  Status
 18 November - TC-Native-1.1.16 
released
 The Apache Tomcat team is proud to announce the immediate availability
 of Tomcat Native 1.1.16. This is a stable release adding some bug fixes.

Modified: tomcat/site/trunk/docs/native-doc/news/2009.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/news/2009.html?rev=1805607=1805606=1805607=diff
==
--- tomcat/site/trunk/docs/native-doc/news/2009.html (original)
+++ tomcat/site/trunk/docs/native-doc/news/2009.html Mon Aug 21 08:32:53 2017
@@ -1,5 +1,5 @@
 
-The Apache Tomcat Native - News - 2009 News and 
Statushttp://tomcat.apache.org/;>http://www.apache.org/; target="_blank">The Apache Tomcat Native - 
NewsLinksDocs Home
 Miscellaneous 
DocumentationChangelogNews2016201520142013201220112010200920082009 News and Status2009 News  Status
+The Apache Tomcat Native - News - 

svn commit: r1805606 - in /tomcat/native/trunk: native/src/sslnetwork.c xdocs/miscellaneous/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 08:22:17 2017
New Revision: 1805606

URL: http://svn.apache.org/viewvc?rev=1805606=rev
Log:
Fix renegotiation to obtain a client certificate from a user agent.

Modified:
tomcat/native/trunk/native/src/sslnetwork.c
tomcat/native/trunk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/native/trunk/native/src/sslnetwork.c
URL: 
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=1805606=1805605=1805606=diff
==
--- tomcat/native/trunk/native/src/sslnetwork.c (original)
+++ tomcat/native/trunk/native/src/sslnetwork.c Mon Aug 21 08:22:17 2017
@@ -365,13 +365,12 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, hand
 * Check for failed client authentication
 */
 if (con->ctx->verify_mode != SSL_VERIFY_NONE &&
-   (vr = SSL_get_verify_result(con->ssl)) != X509_V_OK) {
+(vr = SSL_get_verify_result(con->ssl)) != X509_V_OK) {
 
 if (SSL_VERIFY_ERROR_IS_OPTIONAL(vr) &&
-con->ctx->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA) {
+con->ctx->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA) {
 /* TODO: Log optionalNoCA */
-}
-else {
+} else {
 /* TODO: Log SSL client authentication failed */
 con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
 /* TODO: Figure out the correct return value */
@@ -623,7 +622,9 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene
 tcn_socket_t *s   = J2P(sock, tcn_socket_t *);
 tcn_ssl_conn_t *con;
 int retVal;
+int error = 0;
 char peekbuf[1];
+apr_interval_time_t timeout;
 
 UNREFERENCED_STDARGS;
 TCN_ASSERT(sock != 0);
@@ -633,28 +634,59 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene
  * handshake to proceed.
  */
 con->reneg_state = RENEG_ALLOW;
-retVal = SSL_renegotiate(con->ssl);
-if (retVal <= 0)
-return APR_EGENERAL;
 
-retVal = SSL_do_handshake(con->ssl);
+// Schedule a renegotiation request
+retVal = SSL_renegotiate(con->ssl);
 if (retVal <= 0)
 return APR_EGENERAL;
-if (!SSL_is_init_finished(con->ssl)) {
-return APR_EGENERAL;
-}
 
-/* Need to trigger renegotiation handshake by reading.
+/* Need to trigger the renegotiation handshake by reading.
  * Peeking 0 bytes actually works.
  * See: http://marc.info/?t=14549335922=1=2
+ *
+ * This will normally return SSL_ERROR_WANT_READ whether the renegotiation
+ * has been completed or not. Afterwards, need to determine if I/O needs to
+ * be triggered or not.
  */
-SSL_peek(con->ssl, peekbuf, 0);
+retVal = SSL_peek(con->ssl, peekbuf, 0);
+if (retVal < 1) {
+error = SSL_get_error(con->ssl, retVal);
+}
 
-con->reneg_state = RENEG_REJECT;
+apr_socket_timeout_get(con->sock, );
+// If the renegotiation is still pending, then I/O needs to be triggered
+while (SSL_renegotiate_pending(con->ssl)) {
+// SSL_ERROR_WANT_READ is expected. Anything else is an error.
+if (error == SSL_ERROR_WANT_READ) {
+retVal = wait_for_io_or_timeout(con, error, timeout);
+/*
+ * Since this is blocking I/O, anything other than APR_SUCCESS is 
an
+ * error.
+ */
+if (retVal != APR_SUCCESS) {
+printf("ERROR\n");
+con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
+return retVal;
+}
+} else {
+return APR_EGENERAL;
+}
 
-if (!SSL_is_init_finished(con->ssl)) {
-return APR_EGENERAL;
+// Re-try SSL_peek after I/O
+retVal = SSL_peek(con->ssl, peekbuf, 0);
+if (retVal < 1) {
+error = SSL_get_error(con->ssl, retVal);
+} else {
+/*
+ * Reset error to handle case where SSL_Peek returns 0 but
+ * SSL_renegotiate_pending returns true. This will trigger an error
+ * to be returned.
+ */
+error = 0;
+}
 }
+
+con->reneg_state = RENEG_REJECT;
 
 return APR_SUCCESS;
 }
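Review bot: con->reneg_state is set to RENEG_ALLOW at the top of this hunk and is only reset to RENEG_REJECT after the while loop, so every early return (the APR_EGENERAL after SSL_renegotiate, the wait_for_io_or_timeout failure, and the else branch for an unexpected SSL error) leaves the connection with renegotiation still allowed. Only the wait failure path marks the connection SSL_SHUTDOWN_TYPE_UNCLEAN. Suggest resetting reneg_state on each error path, or routing all exits through a single cleanup point that does it. Separately, printf("ERROR\n") in the wait failure branch looks like leftover debugging output and should be removed, and the return value of apr_socket_timeout_get is not checked before timeout is passed to wait_for_io_or_timeout.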

Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1805606=1805605=1805606=diff
==
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Mon Aug 21 08:22:17 
2017
@@ -50,6 +50,10 @@
   Fix an error not announcing the correct CA list for client certificates
   during TLS handshake. (rjung)
 
+
+  Fix renegotiation to obtain a client certificate from a user agent.
+  (markt)
+
   
 
 




svn commit: r1805605 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml

2017-08-21 Thread markt
Author: markt
Date: Mon Aug 21 08:20:06 2017
New Revision: 1805605

URL: http://svn.apache.org/viewvc?rev=1805605=rev
Log:
Ensure that the APR/native connector uses blocking I/O for TLS renegotiation.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1805605=1805604=1805605=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Mon Aug 21 
08:20:06 2017
@@ -2835,10 +2835,50 @@ public class AprEndpoint extends Abstrac
 @Override
 public void doClientAuth(SSLSupport sslSupport) throws IOException {
 long socket = getSocket().longValue();
-// Configure connection to require a certificate
+// Configure connection to require a certificate. This requires a
+// re-handshake and must block until the re-handshake completes.
+// Therefore, make sure socket is in blocking mode.
+Lock readLock = getBlockingStatusReadLock();
+WriteLock writeLock = getBlockingStatusWriteLock();
+boolean renegotiateDone = false;
 try {
-SSLSocket.setVerify(socket, SSL.SSL_CVERIFY_REQUIRE, -1);
-SSLSocket.renegotiate(socket);
+readLock.lock();
+try {
+if (getBlockingStatus()) {
+Socket.timeoutSet(getSocket().longValue(), 
getReadTimeout() * 1000);
+
+SSLSocket.setVerify(socket, SSL.SSL_CVERIFY_REQUIRE, 
-1);
+SSLSocket.renegotiate(socket);
+
+renegotiateDone = true;
+}
+} finally {
+readLock.unlock();
+}
+
+if (!renegotiateDone) {
+writeLock.lock();
+try {
+// Set the current settings for this socket
+setBlockingStatus(true);
+Socket.timeoutSet(getSocket().longValue(), 
getReadTimeout() * 1000);
+// Downgrade the lock
+readLock.lock();
+try {
+writeLock.unlock();
+SSLSocket.setVerify(socket, 
SSL.SSL_CVERIFY_REQUIRE, -1);
+SSLSocket.renegotiate(socket);
+} finally {
+readLock.unlock();
+}
+} finally {
+// Should have been released above but may not have 
been on some
+// exception paths
+if (writeLock.isHeldByCurrentThread()) {
+writeLock.unlock();
+}
+}
+}
 } catch (Throwable t) {
 ExceptionUtils.handleThrowable(t);
 throw new IOException(sm.getString("socket.sslreneg"), t);
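Review bot: In doClientAuth the sequence Socket.timeoutSet / SSLSocket.setVerify / SSLSocket.renegotiate is written out twice, once under the read lock when getBlockingStatus() is already true and once after the write-lock downgrade, so a later change to one copy can silently miss the other. Suggest moving it into a private helper called from both branches, and using the local socket variable instead of calling getSocket().longValue() again. The comment should also state that the socket is left in blocking mode with the read timeout applied when the method returns, since nothing in this hunk restores the previous blocking status, and that the calling thread is held for as long as the client takes to complete the re-handshake, bounded only by the getReadTimeout() value set here.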

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1805605=1805604=1805605=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 21 08:20:06 2017
@@ -97,6 +97,10 @@
 Fix possible race condition when setting IO listeners on an upgraded
 connection. (remm)
   
+  
+Ensure that the APR/native connector uses blocking I/O for TLS
+renegotiation. (markt)
+  
 
   
   


